194 Commits

Author SHA1 Message Date
Valentin David
70eed3cb9b snap: read the host os-release instead of base snap
This should fix #5485. Depends on https://github.com/snapcore/snapd/pull/12545
2023-02-08 04:21:18 +00:00
Valentin David
429c4ff2a6 Optionally disable Polkit check with an environment variable
When running in a confined snap, it is not possible to check whether
policies have been installed.
2023-02-01 20:44:56 -06:00
Valentin David
5ce5080844 Allow overriding lock directory with an environment variable 2023-02-01 20:44:56 -06:00
Richard Hughes
00e8aaefc6 Use a more compact JSON format using precommit 2023-01-30 14:19:59 +00:00
Mario Limonciello
52d6c3cb78 Update documentation to indicate that loading "OS Optimized Defaults"
may enable security processor rollback protection on Lenovo systems.

fixes: #5394
2023-01-18 08:08:16 +00:00
Richard Hughes
2b0f92506b Refactor the hwids functionality
This refactors the code as it was getting very confusing; before FuSmbios was
reading both SMBIOS and the kernel-provided DT -- and various things were
injecting overrides in three different places. To properly support FDT remove
one layer of indirection.

This also lets us use the compatible strings to enable plugins specifying the
flag _REQUIRE_HWID -- which means we only load the plugin if it's got a chance
of working. e.g.

    [aspeed,ast2500]
2023-01-18 07:04:44 +00:00
Mario Limonciello
450c3be909 trivial: update supported cpu documentation to add more info for AMD
This should hopefully help disambiguate when information isn't available
what to do.

Fixes: #5415
2023-01-17 13:28:51 -06:00
Richard Hughes
4057edb24b trivial: Add FU_PATH_KIND_SYSFSDIR_DMI for future use 2023-01-16 20:23:28 +00:00
Mario Limonciello
17d92d96be trivial: clarify documentation on PSP security processor (Fixes: #5394) 2023-01-10 12:33:05 -06:00
Richard Hughes
058dc2301a Include the plugin README text in the generated docs 2023-01-10 14:58:30 +00:00
Richard Hughes
542014ebe3 Use 'check' when calling run_command() to avoid a warning
New versions of meson [correctly] warn when this parameter is not specified.
2022-12-29 15:49:02 +00:00
Josh Soref
67deecde31 Lots of spelling fixes
Fixes:

* activate
* active
* additional
* and
* approaches
* attestation
* bootloader
* calculate
* capability
* children
* close
* compatible
* continuous
* convenience
* critical
* data
* delivery
* disabled
* disambiguate
* documented
* elapse
* emergency
* erasable
* expectations
* filesystem
* from
* haptic
* ignorable
* images
* infinity
* information
* information
* inhibited
* insufficient
* interrupt
* into
* limited
* management
* manifest
* maximum
* memory
* metadata
* mismatch
* model
* nonexistent
* not
* objects
* offset
* omissions
* ota
* past
* perform
* peripherals
* predictable
* product
* quarterly
* quirk
* quirks
* recognize
* release
* requests
* revocation
* sanitized
* sector
* status
* the
* the update
* timeout
* transfer
* transfers
* typically
* unspecified
* upgrade
* which
* will
* wireless
2022-12-29 13:57:31 +00:00
Mario Limonciello
45662477f4 Don't suggest iommu=pt to people (Fixes: #5304) 2022-12-08 09:17:00 -06:00
Richard Hughes
3538637a7e Use the correct AppStream ID for the KM 2022-12-05 16:05:58 +00:00
Richard Hughes
85495b5bb2 Generate OVAL rules 2022-11-24 10:22:27 +00:00
Mario Limonciello
5d25661727 Add security attribute for OEM specific implementations of BIOS rollback protection 2022-11-18 14:28:13 +00:00
Mario Limonciello
daac8b31da Move AMD platform rollback protection into level 4
This was expected to be used more prevalently than it is being used
in practice.

Link: https://github.com/fwupd/fwupd/issues/5261
2022-11-18 14:28:13 +00:00
Jan Tojnar
716f41b7b2 build: Do not check markdown version for gi-docgen 2022
There is no guarantee that Python environment used for the build contains
the same `markdown` version as the one used for running `gi-docgen`.
For example, Nixpkgs uses a self-contained Python environment for the latter,
so `markdown` package is not even available in fwupd build environment.
Fortunately, gi-docgen 2022.2 already checks for `markdown` version
so we can omit our own check for newer gi-docgen versions.
2022-11-16 12:32:57 -06:00
Kai Michaelis
6519f28d26 Explain the smc bmc license issue
Add documentation and a helper license script.
2022-11-04 12:55:48 +00:00
Richard Hughes
da6928fe76 Do not use globs when building docs
If we use an explicit file lists then the docs are regenerated when the source
files change.
2022-11-02 13:54:23 +00:00
Richard Hughes
8f904cac17 Add documentation for three existing HSI attributes
Fixes https://github.com/fwupd/fwupd/issues/5233
2022-11-02 13:54:23 +00:00
Richard Hughes
912a578411 trivial: Be less verbose when parsing IHEX files 2022-10-27 15:29:45 +01:00
Richard Hughes
820e42143d Make the HSI specification machine readable
This allows us to convert it to other forms, e.g. OPAL.
2022-10-24 16:24:25 +01:00
Richard Hughes
5fcfe7f0fc Only count the Microsoft hashes when getting the dbx version
HP include extra keys that means the version is higher than expected.
2022-10-17 16:31:37 +01:00
Richard Hughes
0f8ec55f46 Add a new plugin to get more Intel ME MCA data
This allows us to get the OEM Public Key BootGuard hashes.

Also add a new HSI test for leaked bootguard keys.
2022-10-13 18:34:00 +01:00
Richard Hughes
a69341b228 trivial: Add a new env var to show MEI reads and writes 2022-10-01 13:10:21 +01:00
Mario Limonciello
d5585728a2 trivial: don't refer to plugindir in the build system anymore 2022-09-28 15:12:10 -05:00
Richard Hughes
99002a7a18 Build many more plugins as builtin
This reduces the plugin directory size by 2.2Mb
2022-09-28 17:01:23 +01:00
Richard Hughes
49af1667bd trivial: Install the devhelp symlinks relative
We want /usr/share/docs/fwupd/libfwupd for the docs that can be referenced from
index.html, and a symlink of /usr/share/docs/libfwupd for devhelp.

This fixes the rpmbuild warning:

    # absolute symlink: /usr/share/doc/fwupd/libfwupd -> /usr/share/doc/libfwupd
    # absolute symlink: /usr/share/doc/fwupd/libfwupdplugin -> /usr/share/doc/libfwupdplugin
2022-09-22 16:24:56 +01:00
Richard Hughes
bfebede490 Add support for platform capability descriptors so devices can set quirks
This feature adds support for platform capability BOS descriptors which allows
the device itself to ship quirk data.

Use `sudo fwupdtool get-devices --save-backends=FILENAME` to save fake backend
devices to a file. This allows easy creation of self tests that do not require
physical hardware.
2022-09-13 12:07:35 +01:00
Mario Limonciello
f9b631f704 trivial: match markdown version using meson instead
This drops the python packaging module requirement
2022-09-02 06:10:53 -05:00
Mario Limonciello
04573f46a3 trivial: loosen markdown dependency to 3.2
Link: https://gitlab.gnome.org/GNOME/gi-docgen/-/merge_requests/166
2022-09-02 06:10:53 -05:00
Mario Limonciello
f6fddc1470 trivial: show a better error why docs fails if markdown not installed
We require at least 3.3.3, but if they don't have anything at least show a message.
2022-09-01 10:43:34 -05:00
Mario Limonciello
473459c93d trivial: add an explicit check for python's packaging module
Fixes: #4976
Suggested-by: eschwartz93@gmail.com
2022-08-31 08:49:51 -05:00
Richard Hughes
0ea9f4cea3 Install the symlink the other way around
RPM based distros cannot replace a directory with a symlink without a giant hack.
2022-08-31 08:26:41 +01:00
Mario Limonciello
e26be40490 trivial: disable security arg when HSI disabled
There is no point to offering the security argument to the tools if HSI was disabled
at compile time.
2022-08-30 11:42:58 -05:00
Mario Limonciello
72f19f2a12 trivial: fix documentation deployment 2022-08-29 18:20:46 -05:00
Mario Limonciello
a56b5b2d36 trivial: in the not enough information case show a URL 2022-08-29 18:20:46 -05:00
Mario Limonciello
a44fc42cf6 trivial: Add pages to fwupd.github.io index for HSI and BIOS Settings 2022-08-29 18:20:46 -05:00
Mario Limonciello
613cb455be trivial: fix some URLs for GTK projects in documentation 2022-08-29 20:48:09 +01:00
Mario Limonciello
bfa5741a98 trivial: make it clear the documentation isn't just for developers 2022-08-29 20:47:51 +01:00
Mario Limonciello
5777f37191 trivial: Move recommendations from the wiki to HSI spec
We publish the HSI spec at fwupd.github.io. We should make this
the first landing area for HSI content, going out to the wiki page
only as necessary.
2022-08-29 20:44:20 +01:00
Mario Limonciello
9391deb2d7 trivial: only accept bios settings ending in .json 2022-08-25 10:08:39 +01:00
Mario Limonciello
087a809a5a Add documentation for fwupd BIOS settings API 2022-08-24 14:10:11 -05:00
Mario Limonciello
01d120efda trivial: Make BIOS setting parsing errors less verbose by default
The `--verbose` output for getting BIOS setting info is very noisy
on Lenovo systems due to a mismatch for the driver behavior and
kernel API.

Hide most of it behind an optional environment variable
`FWUPD_BIOS_SETTING_VERBOSE`.
2022-08-22 09:29:08 -05:00
Richard Hughes
829258401e Allow plugins and backends to print debugging information to the console
This is really useful for debugging.
2022-07-28 16:10:06 +01:00
Richard Hughes
66532a1293 trivial: Make fuzzing less verbose 2022-07-25 17:07:33 +01:00
Richard Hughes
f532d81da9 trivial: Use __version__ to fix new versions of python-markdown 2022-07-19 13:34:02 +01:00
Richard Hughes
fd458cd0de Migrate away from the deprecated distutils 2022-07-19 13:34:02 +01:00
Richard Hughes
62fc515714 Allow loading in emulated host profiles for debugging
This allows us to load sets of different host security attributes
for testing the various front end tools we have now. e.g.

    sudo FWUPD_HOST_EMULATE=thinkpad-p1-iommu.json.gz fwupd

or, using a non-compressed absolute path:

    sudo FWUPD_HOST_EMULATE=/tmp/test/thinkpad-p1-iommu.json fwupd

Data can be created with `./contrib/generate-emulation.py file.json`
and then can be manually modified if required. Running the script on
a file that already exists will just strip out any unneeded data, as
well as piping content into it using stdin.

As a precaution, the org.fwupd.hsi.HostEmulation attribute is added
so we do not ask the user to upload the HSI report. It also allows
the LVFS to ignore any HSI reports with this attribute for clients
that upload HSI reports regardless.

See https://github.com/fwupd/fwupd/discussions/4832
2022-07-18 16:27:59 +01:00